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Device delivering a service using an associated portable objeeti and 
including relqy means for allowing activation of an application of the 
portable object fay a second device 

5 1 Technlcai application field 

The invention relates to a first device for delivering a service using an 
application lodged In a portable object, comprising a portable object reader for 
receiving said portable object, tfie portable object Incorporating at least one 
application and the first device Including resources for activating said 
10 application. The general problem to be solved is to allow, beside usual activation 
of an application of the portable object by the resident resources of the first 
device, activation of an application of the portable object by a second device, 
independently of said resident resources. 

15 This feature offers several advantages, in particular : 

-in case the resources of the first device are regarded as too limited for certain 
management operations of the application (for example, the keyboard and 
display are small), activation by the second device may offer extended 
resources ; 

20 -for executing certain operations of the application, it may be desired or even 
required that only said second device will manage said operations. For example, 
it may be decided that some secure operations such as a funds transfer with the 
portable object will be only possible if executed by said second device. 
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The wording "portable objecr Includes any object able to lodge an application, 
sucli as a memory card or a microcontroller card (smart card). 



The present invention will be explained t>ased on the following drawings : 

5 Figure 1 illustrates the known USB bus topology ; 

Figure 2 illustrates a smart card based WEB server application ; 

Figure 3 illustrates the invention, the first device being constituted by a HUB 
cellular handset; 

Figure 4 illustrates the invention applied to a secure off-line banking accounts 
10 browsing architecture. 

2 State off the art 

Since a prefenred embodiment of the Invention uses the USB technology, a short 
reminder of the latter is now made. 

1 5 2.1 Introduction to the USB technology 

The USB technology is defined by a standard described in the "Universal Serial 
Bus specification" Details can be found in this document accessible on Internet 
site www.usb.ora . The USB physical interconnect is a tiered start made of three 
types of devices : 

20 1. The USB root that is hold by a host device such as a PC (Personal 
Computer). 

2. The USB HUB (interconnect). There is at least one HUB in a USB that Is 
the root HUB. There may be up to five levels of HUB on the same bus. 

3. The USB functions that are always connected to a HUB. It may be a 
25 scanner, a printer, a joystick... 



3 

Figure 1 describes the USB topology. Objects named Tunc" are the USB 
functions (printer, scanner...): 

2.2 Compound device 

5 A compound device is a unique physical device that combines one or more 
functions with a IHUB in a single package. There might be a single chip, or a 
more complicated electronic device combining several electronic components. 

2.3 Virtual device and real device 

In the USB standard, a real device (i.e. a scanner, a printer...) is always coupled 
10 with a virtual device that is the device driver allowing the computer application to 
access to the real device functions. 

In case of a compound device, it is associated with a least 2 virtual devices (1 
for the HUB and 1 per function). 

. 2.4 Example of an application using a WEB server embedded In a 
15 smart card 

In figure 2, secure areas are surrounded with a dashed rectangle. This ensures 
the user data are held in secure places. 

It works as follows : 

• Regularly, and preferably when the network is underused, the smart card 
20 and the bank server synchronize the user data. The bank transfers both 

the data to display in an XML file and the pages format in an HTML file. 
Locally, the smart card WEB server is able to prepare the HTML pages 
including the data In order to answer to the handset browser queries with 
a ready to use HTML page. 
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• When the user wants to browse its account, It can require the handset 
browser to query the smart card WEB server Instead of accessing to the 
bank server. 

2.5 The Improvement proposed 

5 The application presented chapter 2.4 Is interesting, but the user interface is 
limited by the handset keyboard and display. 

The goal of the present Invention in this context Is to allow the user to browse 
the smart card content from Its PC, without having to remove the card from the 
handset. 

10 One should not think the Invention is limited to the WEB server. It also applies to 
all the data and applications embedded in the smart card. Furthermore, the 
Invention is applicable, not only to smart cards, but also to any combination 
where a removable device Is coupled to another device that may be in relation 
with a 3"* device itself compatible with the removable device mentioned here 

15 above. 

3 The invention 

For achieving this goal, the Invention concerns a first device for delivering a 
service using an application lodged In a portable object, comprising a portable 

20 object reader for receiving said portable object, the portable object Incorporating 
at least one application and the first device Including resources for activating 
said application, characterized in that it includes relay meeuis an'anged for 
performing a communication between said portable object reader and a second 
device external to said first device and connected thereto so that the second 

25 device activates at least one application of the portable object Independently of 
said resources. 



The Invention described herein may be used to have access to any application 
provided by a mobile communication handset embedding a smart card (e.g. 
GSM, WCDMA...) but not exclusively. 

5 In figure 3, a browser In the PC queries a WEB server present In a USB SIM 
card through a USB HUB present In the cellular handset. 

Beyond the cellular handset, the Invention Is applicable to any portable device 
subject to behave as an intermediate between another portable device it 
embeds - such as a smart card - and another equipment that has access to the 
10 embedded device exactly as If the connection was realized without any 
Intermediate. 

More oarticularlv. the invention comorises the foilowina features : 

1. Implementing a relaying function on a device A in which the smart card is 
15 inserted. 

This function may be realized using different means, depending on the 
communication capabilities of the communicating object. For instance, 
one could use the Internet Protocol, the USB or mixing both on the device 
A. In figure 3, the relaying function is constituted by the USB HUB in the 
20 cellular handset. 

2. This relaying function is used to establish a linic between the smart card 
and a device B (here, a PC). In the example of figure 3, the expected 
advantage is using some improved display and entry peripheral 
comparing with the ones existing on the device A. According to the USB 

25 technology, the smart card includes at least one USB device. Here, it 

includes several devices, so that it also includes a corresponding USB 
HUB for giving access to any USB device. Any application of the card, 
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Shown on figure 3, may be reached by device B through USB HUB of the 
cellular handset and USB HUB of the card. 

Whatever the technology concerned, device B has access to the card 
through the relaying function and a card reader usually provided in the 
cellular handset. Typically but not exclusively, signals emanating from 
device B are managed by tiie relaying function, bypassing the Icnown 
resources of the cellular handset (at least mobile communication 
application, l<eyboard and display). Then, the relaying function sends 
corresponding signals to the card, through the card reader. The same 
path is used for signals emanating from the card and destined to device 
B, that is through the card reader then through the relaying function. 

3. The link between the smart card and the device B Is established in a 
such a way that the device B may have no idea that the smart card is in 
reality inserted in a device A that may natively be conceived as a 
peripheral for the device B. 

4. The type of linl< or protocol used between the smart card and the device 
A, the device A and the device B, or the smart card and the device B has 
no importance, assuming there is no technical impossibility (e.g. speed 
concerns). The protocols and/or the physical means used can be 
different. 

5. Defining a linl< Including the device A, the device B and the smart card is 
the minimum, but several other devices might be inserted in any place of 
the link. 

Some advantages of the invention : 

1. Having access to the smart card from the device B makes the user more 
comfortable to manage the data in the card (whatever the data are). 
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2. If the device B is equipped witfi an Internet connection (for example), the 
applications embedded in the smart card could take advantage of this 
connection to upload and /or download data. 

3. Simplifying the access to the card in such a way may help to use the 
5 secure area that is the card. 

4 Implementation example 
4.1 Inteodtictlon 

This example consists on securely browsing banlcing accounts from a cellular 
10 handset at any time (i.e. even if the networl< is not available), and being also 
able browsing the same data from a PC browser with a better user interface 
(taking advantages of the PC display, keyboard, mouse and more). 

It uses the following : 

• An advanced cellular handset connected to the internet, compatible with 
15 USB smart cards, and embedding the relaying function by including a 

USB HUB. 

• A USB SIM card embedding a WEB server (might be programmed in 
Java for example). 

• A bank WEB server to exchange data with WEB server in the SIM, or to 
20 browse user accounts using a standard WEB browser (e.g. Internet 

Explorer or Netscape-registered trademarks), 

• A PC embedding a USB host (and root HUB) as shown in Tier 1 of figure 
1, a USB plug, etc. 
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4.2 Components characteristics 

4.2.1 Cellular handset characteristics 

The cellular handset shall be immediately connected to the Internet when, being 
compatible with GPRS or UMTS standards, it recognizes the networlc. It shall 
5 have an IP address that may change at each startup (a fixed IP address is not 
mandatory). Of course, depending on the networic status, the IP linic may 
sometimes be broken. 

A standard WEB browser is available on the cellular handset. It may be 
alternatively connected to a server over the wireless connection, or to the server 
10 in the SIM (see §4.2.2). From the browser standpoint there are no differences. 
Every server involved has an IP address. 

The handset and the card are connected using a USB. The SIM, UMTS, GRPS 
or any other applications are viewed as USB devices. 

The handset is directly connected to an external USB host such as a PC. It 
15 becomes a USB HUB (see figure 3). 

From the SIM standpoint, the cellular handset is a USB HUB that is connected 
to a host. 

The handset cannot access the GSM, GPRS and/or some other USB devices as 
it is Just behaving as a USB HUB (this is for the example, but technical solutions 
20 can be Implemented to allow the handset continuing having access to the 
application that may not interest the USB root to which it is connected). 

4.2.2 SIM card characteristics 

In this example, the SIM card embeds at least the following: 

• The SIM standards requirements to allow the handset to have access to 
25 the cellular network (i.e. the GSM, the GPRS and/or equivalent 

applications). 



• A WEB server able replying to Incoming queries and to exchange files 
with a distant server (using FTP or HTTP protocol for Instance). 

• An XML parser. 

• Cryptographic means to manage l<ey$, encrypt, decrypt, sign.. . 
5 • Preferably, a JavaCard virtual machine. 

• Ali complementary software and drivers to make ail elements listed here 
above to interact. 

The handset has access to the card through a USB. It detects a USB HUB 
followed by several USB devices. 

10 The card embeds a USB HUB and a WEB server. The WEB server virtual 
device (i.e. device driver) implemented on the handset makes it accessible using 
IP (Internet Protocol). The card becomes an Internet node. Any equipment able 
to have access to this USB, and having the correct device driver, can have 
access to the card WEB server like any other WEB server, thus using an IP 

15 address. 

The IP frames are encapsulated in USB protocol, and the device drivers, both 
on the handset and on the card, provide the Interface masking the real data 
transport mean. 

When the USB host detects that the card embeds a USB device that Is a WEB 
20 server, it performs the required operation to allocate It an IP address. 

4.2.3 WEB server characteristics 

The (distant) WEB server is a standard server embedding means to exchange 
files with the SIM card WEB server. 

4.2.4 Complementary characteristics 

25 The bank server and the card server should share some cryptographic keys In 
order to exchange files and / or queries securely (in order to protect the user 
banking information). The protocol used here is not important as long as the 
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security level Is strong enough. There are many standard solutions existing to 
solve this concern. One of them is using the PKI (Public key Infrastaicture) 
architecture. 

4^ Secure off-line banking ac:counte browsing 

5 Figure 4 shows the architecture of the example, using the components 
described In paragraph 4.2. 

• The handset behavior is the one of a device embedding a USB HUB 
device. 

• The handset is connected to a USB host. This host shows the USB 
10 HUB in the handset, followed by the one in the smart card, followed by 

the devices in the smart card, particularly the WEB server. 

• The host has the required virtual devices (I.e. the device driver) at its 
disposal. It Is these virtual devices that encapsulate the IP frame to 
make it compatible with the USB. 

15 The WEB sen/er device In the smart card Is consequently accessible 

from the host (I.e. the PC) like any other IP node. 

• When the user wants to browse its banking information, it uses the 
browser of Its PC (e.g. Netscape or Internet Explorer). He can have 
access to its banking information either by accessing the Internet, or 

20 by browsing its data locally by querying the WEB browser In the smart 

card. 

• When the PC (USB host) is connected to the Internet, the smart card 
WEB server can take advantage of this situation to synchronize its 
databases with the bank ones. 

25 The link between the handset and the PC does not need to be a USB one. The 
encapsulation process allows using any type of link such as BlueTooth, IP or 
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any other compatible link. The relaying function in the cellular handset will be, in 
each particular case, adapted to the type of link chosen. 

4.4 Alternate solutions 

The entire example described here above is based on the USB protocol. Of 
5 course, many other protocols can also match the requirement. One could 
imagine a smart card and a handset natively embedding the IP. Then, the 
switching operation from the USB root to the USB HUB function is not anymore 
required as the smart card and the handset both become an intemet node. 

When connected to a PC, all the three participants are able to have access to 
10 each other with no other restrictions than the one defined the IP 
specifications. 
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CLAIM 



A first device for delivering a service using an application lodged in a portable 
object, comprising a portable object reader for receiving said portable object, the 

5 portable object Incorporating at least one application and the first device 
including resources for activating said application, characterized In that it 
includes relay means arranged for perfomiing a communication between said 
portable object reader and a second device external to said first device and 
connected thereto so that the second device activates at least one application of 

10 the portable object independently of said resources. 
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ABSTRACT 



Device delivering a service using an associated portable object, and 
Including raiay means for allowing activation of an application of the 
5 portable object by a second device 



The invention concerns a first device for delivering a service using an application 
lodged in a portable object, comprising a portable object reader for receiving 
said portable object, the portable object incorporating at least one application 

10 and the first device including resources for activating said application, 
characterized in that It includes relay means arranged for perfomiing a 
communication between said portable object reader and a second device 
external to said first device and connected thereto so that the second device 
activates at least one application of the portable object Independently of said 

15 resources. 
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Fig. 1 (Prior art) 
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